/*
 * Copyright (c) 2008 Frederic Daoud
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.stripesbook.article.extension;

import javax.servlet.http.HttpSession;

import net.sourceforge.stripes.action.ActionBean;
import net.sourceforge.stripes.action.RedirectResolution;
import net.sourceforge.stripes.action.Resolution;
import net.sourceforge.stripes.controller.ExecutionContext;
import net.sourceforge.stripes.controller.Interceptor;
import net.sourceforge.stripes.controller.Intercepts;
import net.sourceforge.stripes.controller.LifecycleStage;
import net.sourceforge.stripes.controller.UrlBinding;
import net.sourceforge.stripes.controller.UrlBindingFactory;

import org.stripesbook.article.action.LoginActionBean;

@Intercepts(LifecycleStage.ActionBeanResolution)
public class SecurityInterceptor implements Interceptor {
  public Resolution intercept(ExecutionContext execContext) throws Exception {
    Resolution resolution = execContext.proceed();

    ActionBean actionBean = execContext.getActionBean();
    UrlBinding urlBinding = new UrlBindingFactory().getBindingPrototype(
      actionBean.getClass());

    if (urlBinding.getPath().startsWith("/secure")) {
      HttpSession session = execContext.getActionBeanContext().getRequest()
        .getSession(false);

      if (session == null || session.getAttribute("user") == null) {
        resolution = new RedirectResolution(LoginActionBean.class);
      }
    }
    return resolution;
  }
}
